European organisations are taking longer to detect breaches than their counterparts in North America, according to a study by FireEye.
Organisations in EMEA are taking almost six months (175 days) to detect an intruder in their networks, which is rather more than the 102 days that the firm found when asking the same questions last year. In contrast, the median dwell time in the Americas improved to 76 days in 2017 from 99 in 2016. Globally it stands at 101 days.
The findings about European breach detection are a particular concern because of the looming GDPR deadline, which will introduce tougher breach disclosure guidelines for organisations that hold European citizens’ data. GDPR can also mean fines of €20 million, or four per cent of global turnover, whichever is higher.
FireEye’s report also records a growing trend of repeat attacks by hackers looking for a second bite of the cherry. A majority (56 per cent) of global organisations that received incident response support were targeted again by the same or a similarly motivated attack group, FireEye reports.
FireEye has historically blamed China for many of the breaches its incident response teams detected. But as the geo-political landscape has changed, Russia and North Korea are getting more and more “credit” for alleged cyber-nasties.
But a different country – Iran – features predominantly in attacks tracked by FireEye last year. Throughout 2017, Iran grew more capable from an offensive perspective. FireEye said that it “observed a significant increase in the number of cyber-attacks originating from Iran-sponsored threat actors”.
FireEye’s latest annual M-Trends report (pdf) is based on information gathered during investigations conducted by its security analysts in 2017 and uncovers emerging trends and tactics that threat actors used to compromise organisations.